We configured logging on a session rule and succesfully have new hits logged to syslog, e.g.
authmgr[1908]: <124006> <WARN> <ARUBA> {20416} TCP srcip=10.1.1.1 srcport=1092 dstip=10.1.2.1 dstport=8020, action=permit, role=authenticated, policy=auth-acl
Is there a possibility to log a session close aswell? Especially interested in the TCP RST/FIN/Timeout messages as you would have on other firewalls. If a log total of incoming/outgoing bytes/packets would be possible, please share aswell :-)